This is going to be a series of posts about securing screens in a Windows Phone 7 Silverlight application.
Coming from .Net web applications, I was looking for a feature that will be similar to the authentication and authorization capabilities of Asp.Net with Forms Authentication. I want to be able to easily define a screen as secure and automatically show the login UI when needed without having extra code in each screen.
If the entire app needs to be secured, I can just show a login screen as the first screen, but when the user presses the back button from the home page I don’t want to go back to that screen. With MyMobilePortfolio, I used a popup for the login UI. The popup is opened from the home page of the app. In this solution I will take it one step further by having public and secure screens in the app.
I’ve been using Caliburn Micro since I started developing WP7 apps and I love it. This framework is moving rapidly and some of the features I will use in this series of posts are in the latest checked in code but not in the latest release (at the time of writing). If something is missing, you should get the latest code and compile the Caliburn.Micro library yourself.
Step 1 – Figure out if a screen requires authentication before navigating to that screen.
There are two ways to accomplish this: keep the list of secured screens in the application’s configuration (a la asp.net), or add a definition to each screen that says whether it’s secure. I’ve decided to take the second approach. I don't want to have some config file I need to update; the only advantage there would be if you wanted to quickly change a screen's secure setting without redeploying. That works in the web world but not in a mobile app. Since I’m using Caliburn Micro, I wanted to define a screen as secure in the view model and not in the view itself, so I decided to create an interface called IRestrictedAccess that I can check against before navigating to a screen.
Caliburn Micro uses a FrameAdapter class to navigate. I’m going to inherit from that class and change the Navigate method to include some logic: if a ViewModel implements IRestrictedAccess, show the login screen; if not, just continue the navigation. In the WP7AppBootstrapper class, I’ll replace the FrameAdapter instance with SecurableFrameAdapter.
Because the Navigate method receives a uri, I have to use some conventions to figure out what the type of the view model is. This code was ‘borrowed’ from Caliburn Micro and simplified a bit to fit my own project.
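The uri-to-view-model check described above can be sketched on its own, without Caliburn Micro. This is an added example, not the code from the attached project or from Caliburn Micro: the `/Views/X.xaml` to `<root>.ViewModels.XViewModel` convention, the `SecureNavigationCheck` class, the `Demo` namespace and the choice to treat an unresolvable uri as restricted are all assumptions made for illustration.

```csharp
using System;
using System.Reflection;

// Marker interface: a view model that implements it requires a logged-in user.
public interface IRestrictedAccess { }

namespace Demo.ViewModels   // constructed sample view models
{
    public class PublicPage1ViewModel { }
    public class SecurePage1ViewModel : IRestrictedAccess { }
}

public static class SecureNavigationCheck   // hypothetical helper name
{
    // Assumed convention: "/Views/FooPage.xaml" -> "<root>.ViewModels.FooPageViewModel".
    public static string ViewModelTypeName(Uri pageUri, string rootNamespace)
    {
        string path = pageUri.OriginalString;
        int cut = path.IndexOfAny(new[] { '?', '#' });   // drop query string and fragment
        if (cut >= 0) path = path.Substring(0, cut);
        if (!path.EndsWith(".xaml", StringComparison.OrdinalIgnoreCase)) return null;
        path = path.Substring(0, path.Length - ".xaml".Length).Trim('/');

        string[] parts = path.Split('/');
        if (parts.Length != 2 || !parts[0].Equals("Views", StringComparison.OrdinalIgnoreCase))
            return null;                                  // outside the convention
        return rootNamespace + ".ViewModels." + parts[1] + "ViewModel";
    }

    public static bool RequiresLogin(Uri pageUri, Assembly appAssembly, string rootNamespace)
    {
        string typeName = ViewModelTypeName(pageUri, rootNamespace);
        Type vm = typeName == null ? null : appAssembly.GetType(typeName, false, true);
        // Design choice of this example: fail closed, so a renamed or moved screen
        // asks for login instead of silently becoming public.
        if (vm == null) return true;
        return typeof(IRestrictedAccess).IsAssignableFrom(vm);
    }

    public static void Main()
    {
        Assembly asm = typeof(SecureNavigationCheck).Assembly;
        string[] uris = { "/Views/PublicPage1.xaml", "/Views/SecurePage1.xaml?id=3", "/Views/Missing.xaml" };
        foreach (string u in uris)
            Console.WriteLine(u + " -> login required: " +
                RequiresLogin(new Uri(u, UriKind.Relative), asm, "Demo"));
    }
}
```

An overridden Navigate method would call a check like `RequiresLogin` first and only pass the uri on to the frame when it returns false or the user is already authenticated.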
The attached project is a basic WP7 Caliburn Micro application. The Framework folder includes the SimpleContainer and PhoneContainer classes that come with CM samples, the WP7AppBootstrapper and the SecurableFrameAdapter. There are four screens linked from the main page screen, two public and two secure.
In the next post, I'll add the login UI.
WP7SecuredScreensPart1.zip (78.86 kb)
Just submitted this little app to the marketplace. The WP7 version uses Caliburn Micro, which made writing it very fast without too much unnecessary code. I’m also using RestSharp for REST calls to Google’s API, which made the client API classes very small. Now I’m going to work on an Android version, so I’m looking for a good MVVM approach for that app as well (maybe Android Binding will do the trick).
Here are some screenshots. Update: Here's a link to the website.